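<?php
// Response preamble: declare the payload as UTF-8 XML and emit the XML declaration.
//
// Keep this file free of a byte-order mark or any other bytes before the opening
// tag. Such bytes are sent as output before header() runs, and unless output
// buffering is enabled PHP then cannot set the Content-Type header.
header('Content-Type: text/xml; charset=UTF-8');

// The charset in the header matches the encoding announced in the declaration.
echo '<?xml version="1.0" encoding="UTF-8"?>';
?>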


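<?php
/*
 * Message-list endpoint.
 *
 * Reads `user_email` and `user_password` from the query string, checks them
 * against teresa_user, and on success prints every teresa_message row whose
 * sender is that e-mail address:
 *
 *   <result><item><R0><A>subject</A>...<G>message_id</G></R0>...<num>N</num></item></result>
 *
 * Nothing is printed when a parameter is missing/empty or the credentials do
 * not match exactly one user.
 *
 * NOTE(review): the credentials arrive in the URL, so they end up in web-server
 * and proxy logs and in browser history. Moving the login to a POST body over
 * TLS needs a coordinated client change and is not done here.
 */

// Accept only scalar string parameters. A missing key or an array value
// (e.g. user_email[]=x) is treated the same as an empty value.
$email = (isset($_GET['user_email']) && is_string($_GET['user_email'])) ? $_GET['user_email'] : '';
$user_password = (isset($_GET['user_password']) && is_string($_GET['user_password'])) ? $_GET['user_password'] : '';

if (!empty($email) && !empty($user_password)) {

    // NOTE(review): the database account is root with a hard-coded password.
    // Load the credentials from configuration kept outside the web root and use
    // an account limited to SELECT on the two tables read below.
    $dbc = mysqli_connect('localhost', 'root', '1234', 'teresa') or die('Error connecting to MySQL server.');

    // Credential check. Both values are bound as parameters, so request data is
    // never parsed as SQL.
    // NOTE(review): SHA() is unsalted SHA-1. Migrating stored passwords to
    // password_hash()/password_verify() requires a schema/data change and is
    // out of scope for this block.
    $authenticated = false;
    $login = mysqli_prepare($dbc, 'SELECT user_id FROM teresa_user WHERE email = ? AND password = SHA(?)');
    if ($login) {
        mysqli_stmt_bind_param($login, 'ss', $email, $user_password);
        if (mysqli_stmt_execute($login)) {
            // Buffer the result so the row count is available.
            mysqli_stmt_store_result($login);
            $authenticated = (mysqli_stmt_num_rows($login) === 1);
        }
        mysqli_stmt_close($login);
    }

    if ($authenticated) {
        // Only the columns that are actually emitted are selected.
        $messages = mysqli_prepare(
            $dbc,
            'SELECT subject, sender, send_date, d_day, category, message, message_id'
            . ' FROM teresa_message WHERE sender = ?'
        ) or die('ERROR queerying database.');
        mysqli_stmt_bind_param($messages, 's', $email);
        mysqli_stmt_execute($messages) or die('ERROR queerying database.');
        mysqli_stmt_bind_result($messages, $subject, $sender, $send_date, $d_day, $category, $message, $message_id);

        // Stored values are escaped for XML text content before being echoed;
        // otherwise a '<' or '&' in a message breaks the document or lets
        // stored data inject markup into the response. ENT_SUBSTITUTE and
        // ENT_DISALLOWED replace bytes/code points that are not valid in the
        // XML output instead of emitting them.
        $xml_flags = ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE | ENT_DISALLOWED;

        $number = 0;

        echo '<result>';
        echo '<item>';
        while (mysqli_stmt_fetch($messages)) {
            echo '<R' . $number . '>';
            echo '<A>' . htmlspecialchars((string) $subject, $xml_flags, 'UTF-8') . '</A>';
            echo '<B>' . htmlspecialchars((string) $sender, $xml_flags, 'UTF-8') . '</B>';
            echo '<C>' . htmlspecialchars((string) $send_date, $xml_flags, 'UTF-8') . '</C>';
            echo '<D>' . htmlspecialchars((string) $d_day, $xml_flags, 'UTF-8') . '</D>';
            echo '<E>' . htmlspecialchars((string) $category, $xml_flags, 'UTF-8') . '</E>';
            echo '<F>' . htmlspecialchars((string) $message, $xml_flags, 'UTF-8') . '</F>';
            echo '<G>' . htmlspecialchars((string) $message_id, $xml_flags, 'UTF-8') . '</G>';
            echo '</R' . $number . '>';

            $number = $number + 1;
        }
        mysqli_stmt_close($messages);

        echo '<num>' . $number . '</num>';
        echo '</item>';
        echo '</result>';
    }

    // Release the connection on the failed-login path as well.
    mysqli_close($dbc);
}

?>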

